

<HTML>
<HEAD>


<TITLE>RadiologyDB Login</TITLE>
</HEAD>

<BODY>
<!--A simple example to demonstrate how to use JSP to 
    connect and query a database. 
    Original author  Hong-Yu Zhang, University of Alberta
    
    New page now serves as yes/no login successful and sets session vars.
    Modified by:
    @author Nicholas Liu
 -->
<%@ page import="java.sql.*" %>
<%@ page import="ca.radiologydb.util.Template" %>
<%@ page import="ca.radiologydb.util.ConnectionManager" %>
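<%
// Login handler for RadiologyDB.
//   - Plain request (no bSubmit parameter): renders the login form.
//   - Form submission (bSubmit present): looks up USERID in the users table,
//     compares PASSWD with the stored value and, on success, stores the user
//     name and class in the session under "username" and "usertype".
//
// NOTE(review): the submitted password is compared directly with the value of
// users.password, so that column holds passwords in a directly comparable
// (unhashed) form. Moving to a salted, slow password hash needs a schema and
// data migration and is outside what this page alone can change.
// NOTE(review): the session id is not rotated after a successful login;
// consider issuing a fresh session before the attributes are set so that a
// pre-login session id does not carry over into the authenticated session.

Template template = new Template(this.getServletContext().getRealPath("/").toString());
out.println(template.getTemplateTop());

if (request.getParameter("bSubmit") != null) {

    // A request can carry bSubmit without USERID or PASSWD; getParameter()
    // then returns null, so normalise to "" before trimming instead of
    // letting the page fail with a NullPointerException.
    String userParam = request.getParameter("USERID");
    String passParam = request.getParameter("PASSWD");
    String userName = (userParam == null) ? "" : userParam.trim();
    String passwd = (passParam == null) ? "" : passParam.trim();

    ConnectionManager manager = new ConnectionManager();
    Connection conn = null;
    PreparedStatement stmt = null;
    ResultSet rset = null;

    // vars[0] = stored password, vars[1] = user class.
    // Both remain null when no row matches the user name.
    String vars[] = new String[2];
    boolean lookupOk = false;

    try {
        conn = manager.getConnection();

        // The user name is bound as a parameter rather than concatenated into
        // the statement text, so request data is never parsed as SQL.
        stmt = conn.prepareStatement("select password, class from users where user_name = ?");
        stmt.setString(1, userName);
        rset = stmt.executeQuery();

        while (rset.next()) {
            vars[0] = rset.getString("password");
            vars[1] = rset.getString("class");
        }
        lookupOk = true;
    }
    catch (Exception ex) {
        // Driver and database error text stays in the server log. Echoing it
        // into the page would disclose schema details and could reflect
        // request data back as unescaped HTML.
        application.log("login.jsp: user lookup failed", ex);
        out.println("<hr>Unable to process the login request. Please try again later.<hr>");
    }
    finally {
        // Release JDBC resources on every path; each close is isolated so
        // that one failure does not prevent the remaining ones.
        if (rset != null) {
            try { rset.close(); } catch (Exception ex) { application.log("login.jsp: closing result set failed", ex); }
        }
        if (stmt != null) {
            try { stmt.close(); } catch (Exception ex) { application.log("login.jsp: closing statement failed", ex); }
        }
        if (conn != null) {
            try { conn.close(); } catch (Exception ex) { application.log("login.jsp: closing connection failed", ex); }
        }
        try { manager.closeConnection(); } catch (Exception ex) { application.log("login.jsp: closeConnection failed", ex); }
    }

    if (lookupOk) {
        // vars[0] is null for an unknown user, so equals() is false and the
        // same generic message is shown for a wrong name and a wrong password.
        if (passwd.equals(vars[0])) {
            out.println("<p><b>Your Login is Successful!</b></p><br>");
            session.setAttribute("username", userName);
            session.setAttribute("usertype", vars[1]);

            // A row with a NULL class lists no functions instead of raising a
            // NullPointerException on contains().
            String userClass = (vars[1] == null) ? "" : vars[1];

            // Present the functions available to this class of user.
            if (userClass.contains("d")) {
                // search, personal management.
                out.println("You can access the following: Search, Profile<br>");
            }
            else if (userClass.contains("p")) {
                // search, personal management.
                out.println("You can access the following: Search, Profile<br>");
            }
            else if (userClass.contains("r")) {
                // search, personal management, upload.
                out.println("You can access the following: Search, Profile, New Radiology Record<br>");
            }
            else if (userClass.contains("a")) {
                // search, global management, reports, data analysis.
                out.println("You can access all functions.<br>");
            }
        }
        else {
            // The leftover debug line that printed an internal variable and
            // its length on failed logins has been removed.
            out.println("<p><b>Either your userName or Your password is invalid!</b></p>");
        }
    }
}
else {
    // No submission yet: render the login form, which posts back to this page.
    out.println("<form method=post action=login.jsp><table id='form_table'>");
    out.println("<tr><th>UserName:</th> <td><input type=text name=USERID maxlength=20></td></tr>");
    out.println("<tr><th>Password:</th> <td><input type=password name=PASSWD maxlength=20></td></tr>");
    out.println("<tr><td align=right colspan=2><input type=submit name=bSubmit value=Submit></td></tr>");
    out.println("</table></form>");
}
%>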



</BODY>
</HTML>

